Month: February 2012

By now everyone has seen the “this stuff matters” box on Google's search page. The “This stuff matters” message is pretty interesting – it sounds like Google understands our concerns and is taking them seriously. On that basis I expect many people – fearing another 80 page privacy policy – will just move on to get their search result.

But some will actually take the time to follow the link. And what they'll see actually is important.

First, they'll find out that beginning this Thursday Google will amalgamate all the information it has about their activities and postings on all of Google's sites and services into a single account profile. This in spite of the fact that most people put content on those sites and entered queries into Google search pages thinking the information was limited to the specific context in which they were participating.

Second, they'll find out that as customers they have no choice about the matter. Even though in many cases they have helped create the knowledge and content that makes Google successful, their option if they dislike the policy is to completely stop using Google sites by Wednesday February 29th 2012.

Of course all of this is perfectly in keeping with the creepy “Real Names” initiative forced upon us a few months ago. At that time, we were told “Real Names” only applied to “certain Google sites” – like Google+. What a surprise that so little time later, ALL account and profile information from ALL Google properties is being amalgamated under a single privacy and identity policy! As we predicted, Real Names is slithering into the whole fabric of the company's offerings, whether specific sites benefit from what will often be “over-identification” or not.

Happily, one group of people who actually bothered to look into the change were the Attorneys General of the United States. Today they published a cogent and devastating letter that does an admirable job of enumerating the many deeply disturbing implications of Google's latest identity initiative. It begins,

“Google’s new privacy policy is troubling for a number of reasons. On a fundamental level, the policy appears to invade consumer privacy by automatically sharing personal information consumers input into one Google product with all Google products. Consumers have diverse interests and concerns, and may want the information in their Web History to be kept separate from the information they exchange via Gmail. Likewise, consumers may be comfortable with Google knowing their Search queries but not with it knowing their whereabouts, yet the new privacy policy appears to give them no choice in the matter, further invading their privacy. It rings hollow to call their ability to exit the Google products ecosystem a “choice” in an Internet economy where the clear majority of all Internet users use – and frequently rely on – at least one Google product on a regular basis.”

The Attorneys General then go on to discuss the contagion between Google's consumer offerings and their enterprise ones… What does this kind of identity grab mean for companies and governments who have put corporate and state information under Google's stewardship? Can the companies who steward the resources of the World Wide Web change their privacy and other policies in radical and even maniacal ways without regard to the policies in effect when those resources were created? Can they simply tell those who have bought into previous promises to either accept their brave new world or “take a walk”? As the attorneys put it,

“This invasion of privacy will be costly for many users to escape. For users who rely on Google products for their business – a use that Google has actively promoted1 – avoiding this information sharing may mean moving their entire business over to different platforms, reprinting any business cards or letterhead that contained Gmail addresses, re-training employees on web-based sharing and calendar services, and more. The problem is compounded for the many federal, state, and local government agencies that have transitioned to Google Apps for Government at the encouragement of your company, and that now will need to spend taxpayer dollars determining how this change affects the security of their information and whether they need to switch to different platforms.”

Not long ago, John Fontana suggested we get together to discuss the degree to which the Laws of Identity remain relevant seven years after they were published. I look forward to that conversation. Google's actions show there are still companies who could benefit from reading them. After all, it is clearly breaking three Laws of Identity:

Law 1: User Control and Consent. Users should never have identity information merged or divulged without their consent.

Law 2: Minimal Disclosure for a Constrained Use. It is wrong to link all information pertaining to a user across different contexts when it was provided for specific uses.

Law 4: Directed Identity. Systems should not create unnecessary correlation across different contexts unless people opt to do that. They thus should be able support identitfiers that are limited to specific scopes – as has been the case at Google's sites until now.